b"Securities and Exchange\n    Commission\n      Office of Inspector General\nDuring the second half of fiscal year 2005, the Office of Inspector\nGeneral assisted the Commission to:\n     Enhance the effectiveness of the procedures used to\n     target B/D compliance inspections and examinations,\n     Strengthen the Commission\xe2\x80\x99s Information Technology\n     security controls,\n     Enhance the integrity of the Commission and its staff by:\n        \xe2\x80\xa2 Investigating allegations of staff and contractor\n          misconduct,\n        \xe2\x80\xa2 Inspecting the effectiveness of the integrity program\n          in Commission offices, and\n        \xe2\x80\xa2 Identifying the need for additional guidance on\n          certain ethics issues,\n     Improve the processes for personnel recruitment,\n     classification, and staffing,\n     Enhance implementation of the Government Performance\n     and Results Act,\n     Protect sensitive personnel information within the\n     Commission,\n     Strengthen physical security at the Operations Center and\n     controls over contractor IDs, and\n     Enhance the effectiveness of operations in the Office of\n     the Secretary.\n\x0c                                                                                   PAGE 2\n\n\n\n                                  Executive Summary\nDuring this period (April 1, 2005 to September 30, 2005), the Office of Inspector General\n(Office) issued seven audit reports, one audit memorandum, two investigative memoranda on\nmanagement issues, and one report on a special project. These evaluations focused on the\nCommission\xe2\x80\x99s information technology security program; targeting of broker/dealer\ncompliance examinations; management of the Office of the Secretary; the ethics program in\nthe field offices; implementation of the Government Performance and Results Act;\nrecruitment, classification, and staffing; access to sensitive information in the payroll and\npersonnel information system (FPPS); ethics guidance for departing employees and\nenforcement attorneys on official travel; and Operations Center building security.\nTwelve investigations were closed during the period. Six subjects were referred to the\nDepartment of Justice, which declined prosecution of five subjects. The referral of one\nsubject to the Department of Justice is pending. Nine subjects were referred to the\nCommission. Four subjects resigned; one subject was counseled and divested stock causing a\nconflict of interest. Four subjects referred to the Commission during this period are awaiting\ndisposition. In addition, one subject referred during a prior period resigned, and another\nagreed to retire. The Investigative Program section below describes the significant cases.\nInformation resources management (IRM) has been previously reported as a significant\nproblem. During this period, the Commission continued to improve its management of these\nresources, but significant weaknesses remain. We intend to maintain our audit focus in this\nimportant area.\nAn audit completed in a prior period found that Commission financial management controls\nfor fiscal year 2002 were effective in all material respects except for controls over property\naccountability, accounting and control of disgorgements, information system and security\nprogram controls, and the Disgorgement and Penalties Tracking System. We reported these\nexceptions, taken together, as a significant problem.\nThe Government Accountability Office (GAO) identified similar weaknesses in its audit of\nthe Commission\xe2\x80\x99s fiscal year 2004 financial statements (except for property accountability -\nthe value of the property account balance was below the materiality threshold). The\nCommission is continuing to take actions to address the weaknesses in financial\nmanagement controls.\nNo management decisions were revised during the period. The Office of Inspector General\nagrees with all significant management decisions regarding audit recommendations.\n\n\n\n                                            Audit Program\nThe Office issued seven audit reports, one audit memorandum, two investigative\nmemoranda on management issues, and one report of a special project during the reporting\nperiod. These documents contained a total of 79 recommendations, which are further\n\n\nS E C U R I T I E S & E X C H AN G E C O M M I S S I O N                  OCTOBER 31,\n2005\n\x0c                                                                                  PAGE 3\n\n\nsummarized below. Management generally concurred with the recommendations, and in\nmany cases took corrective actions during the audits.\n\n\nRECRUITMENT, CLASSIFICATION, AND STAFFING (AUDIT 389)\nWe reviewed the Office of Human Resource\xe2\x80\x99s (OHR) recruitment, classification, and staffing\nprocedures to determine whether they were efficient and effective. We found that they\nwere, for the most part.\nOver the last several years, OHR has expanded its recruitment efforts and hired over 1000\nnew staff as the Commission\xe2\x80\x99s budget increased. To further enhance its procedures, OHR\nrecently implemented a human resources staffing and classification service, Avue Digital\nServices (ADS), to automate the staffing and classification process.\nWe recommended that the use of ADS be improved by providing additional training to OHR\nstaff and Commission managers, and by updating position descriptions in the ADS system.\nWe also recommended improved procedures for terminating management level access to\nADS for separating employees.\n\n\nTARGETING B/D COMPLIANCE EXAMINATIONS (AUDIT 394)\nWe reviewed the Commission\xe2\x80\x99s targeting of Broker/Dealer (B/D) compliance examinations.\nThe Examination program consists of the Office of Compliance Inspections and\nExaminations (OCIE) and the Examination staff in the field offices.\nWe found that the targeting process was generally effective and efficient. The BD\nexamination program has been incorporating the Commission\xe2\x80\x99s increased emphasis on risk\ninto its processes (e.g., conducting risk workshops, increasing the use of sweeps and mini-\nsweeps, etc.).\nWe made several recommendations to enhance the BD targeting process by increasing the\nlikelihood that issues are identified timely. Our recommendations included automating and\nintegrating risk-based information; assessing and documenting the risk level assigned to\nBDs by the Self Regulatory Organizations (SROs); reviewing the goal for conducting\noversight examinations; developing a timeliness performance measure; improving how\ninvestor complaints are used; and preparing financial information.\n\n\nINSPECTION OF THE INTEGRITY PROGRAM IN FIELD OFFICES\n(REPORT 395)\nWe evaluated the Commission\xe2\x80\x99s integrity programs (i.e., ethics and staff conduct) in four of\nfive regional offices and four of six district offices. The evaluation used workshops with\nCommission field office staff to identify successes, obstacles, recommendations, and\neffectiveness ratings for the integrity programs.\n\n\n\nS E C U R I T I E S & E X C H AN G E C O M M I S S I O N                 OCTOBER 31,\n2005\n\x0c                                                                                    PAGE 4\n\n\nThe staff generally indicated that the objectives of the integrity programs were being\nimplemented, although some obstacles were impairing full implementation. As in prior\nevaluations, the participants indicated that they felt a personal sense of responsibility for\nmaintaining the integrity of the Commission.\nMost of the participants also indicated that they felt a strong sense of an ethical tradition at\nthe Commission and that employees live up to the Commission\xe2\x80\x99s integrity expectations.\nWorkshop participants overwhelmingly reported that integrity is a high priority at, and an\nintegral value of, the Commission. The participants in the workshops expressed a desire\nfor better communication of policies from management, more frequent ethics training, and\nresponsive and well-trained ethics advisors.\nWe recommended that the Office of Human Resources, in conjunction with the Offices of\nthe Chairman and Executive Director, implement its plans for an employee manual to\neffectively communicate management policies to Commission staff. We also recommended\nthat the Office of Compliance Inspections and Examinations implement its plans to\nestablish and train ethics liaisons from the Examination and Inspection Program in each\nfield office, and to hold an ethics video-conference annually with all the field offices.\n\n\nGOVERNMENT PERFORMANCE AND RESULTS ACT \xe2\x80\x93 2004\n(AUDIT 399)\nThe Government Performance and Results Act (GPRA) requires verifiable, quantifiable and\nmeasurable program performance measures. Also, agencies must now prepare five-year\nstrategic plans and annual performance budgets and reports. The performance budgets\nshould link strategic and long-term performance goals from the strategic plan to annual\nperformance goals.\nWe reviewed implementation of GPRA at the Commission. Our objective was to determine\nwhether the performance measures in the Commission\xe2\x80\x99s FY 2006 performance budget were\ndeveloped in accordance with Office of Management and Budget (OMB) guidance, were\nuseful to management, and provided information on progress toward GPRA goals.\nThe Office of Financial Management (OFM) facilitated communication between the staff\nresponsible for selecting the performance measures, and sought senior management\ninvolvement in the process. These activities were recognized as \xe2\x80\x9cbest practices\xe2\x80\x9d by the\nNational Performance Review.\nWe found that the GPRA performance measures in the FY 2006 performance budget\ngenerally met OMB\xe2\x80\x99s requirements. However, of the 27 measures in the performance\nbudget, six did not include required target data. We recommended that, in developing\nfuture performance measures, the Commission ensure that the goals in its performance\nbudget include targets; use \xe2\x80\x9cprocess analysis\xe2\x80\x9d methodology; and use Enterprise\nArchitecture data from the Office of Information Technology.\n\n\n\n\nS E C U R I T I E S & E X C H AN G E C O M M I S S I O N                    OCTOBER 31,\n2005\n\x0c                                                                                    PAGE 5\n\n\nOFFICE OF THE SECRETARY (AUDIT 402)\nThe Commission\xe2\x80\x99s Office of the Secretary has numerous responsibilities. These include\nscheduling Commission meetings, administering the Commission's seriatim and duty-\nofficer processes, operating the Louis Loss Library, and preparing and maintaining records\nof Commission actions.\n The Office reviews all staff documents submitted to and approved by the Commission, and\nreceives and processes documents submitted by outside parties. The Office also provides\nadvice to the Commission and its staff on questions of practice and procedure, and\npublishes official documents in the Federal Register, the SEC Docket, and the\nCommission\xe2\x80\x99s website.\nOur review of the Office found that it was generally effective and efficient in its operations,\nalthough some controls and procedures needed to be strengthened. Our recommendations\nincluded improving controls over government passports, processing public comment letters\nmore effectively, considering discontinuation or more efficient publication of the SEC\nDocket, posting forms on the Commission\xe2\x80\x99s Intranet site (Insider), improving access\ncontrols for separating employees, and improving the Library\xe2\x80\x99s acquisitions process.\n\n\nFEDERAL INFORMATION MANAGEMENT SECURITY ACT - 2005\n(REPORT 406)\nSECURITY CERTIFICATION AND ACCREDITATION OF ACTS PLUS\n(AUDIT 409);\nSECURITY CERTIFICATION AND ACCREDITATION OF EFOIA SYSTEM\n(AUDIT 410);\nIT SECURITY CERTIFICATION AND ACCREDITATION PROCESS\n(AUDIT 411)\nWe hired a contractor to evaluate the Commission\xe2\x80\x99s information technology security\nprogram under the provisions of the Federal Information Management Security Act\n(FISMA). The contractor prepared answers to the 2005 FISMA questionnaire supplied by\nOMB, evaluated two major Commission applications (Acts Plus and EFOIA) using guidance\nissued by the National Institute of Standards and Technology (NIST), and evaluated the\noverall certification and accreditation process used by the Commission.\nWe found that the Commission has made significant progress in developing a mature\ninformation security program, and has addressed many previously identified security\nvulnerabilities. The Commission reported that it has certified and accredited over half of\nits systems (12 of 20), made improvements in its tracking and reporting of Plans of Action\nand Milestones (POA&Ms), developed an inventory of Commission systems, and completed\nand tested contingency plans for several major applications, among other accomplishments.\nWe identified a number of significant deficiencies, however. Eight systems, including the\nGeneral Support System (on which the security of other major systems rely), have not been\naccredited. In our opinion, the certification agent for the twelve certified and accredited\nS E C U R I T I E S & E X C H AN G E C O M M I S S I O N                    OCTOBER 31,\n2005\n\x0c                                                                                 PAGE 6\n\n\nsystems was not independent (the same contractor that developed draft system\ndocumentation was hired to certify and accredit the systems). In addition, the processes for\nthe security test and evaluation and for POA&Ms needed improvement.\nWe also identified several deficiencies within the ACTS Plus and EFOIA applications,\nincluding system contingency and security issues.\n\n\nADDITIONAL EMPLOYEE ETHICS TRAINING (REPORT G-398)\nTwo investigations recently conducted by our Office showed a need for additional ethics\nguidance. Specifically, we recommended that the Office of General Counsel provide clearer\nguidance for departing employees, particularly attorneys, on post-employment restrictions\nand notification requirements. We also recommended that the Division of Enforcement\nprovide specialized training for Enforcement attorneys on ethical issues, particularly those\nrelated to official government travel.\n\n\nACCESS TO PAYROLL DATA (REPORT G-417)\nDuring a recent investigation, we learned that budget staff in the Office of Financial\nManagement (OFM) had unrestricted access to the Federal Personnel and Payroll System\n(FPPS). Budget staff need FPPS access to process certain personnel actions (e.g.,\npromotions) controlled by OFM. However, FPPS information is sensitive and subject to the\nPrivacy Act, and therefore FPPS access should be restricted to the extent possible.\n\nWe recommended that OFM restrict FPPS access (through a request to system owner, the\nDepartment of the Interior) and train its budget staff on the proper use of this sensitive\ninformation, as it planned to do.\n\n\nOPERATIONS CENTER BUILDING SECURITY\n(AUDIT MEMORANDUM 39)\nDuring an investigation, we learned that the Office of Administrative Services (OAS) was\nconcerned about building security at the Operations Center. OAS\xe2\x80\x99s concerns included\nbuilding access and ID keycards issued to contractor employees.\nWe performed a limited survey on these two issues, and recommended that OAS take steps\nto reduce the risk of unauthorized entry to the Operations Center. Also, we recommended\nthat OAS and the Office of Information Technology improve procedures related to\ncontractor IDs, including cancellation of the IDs when contractors separate.\n\n\n\n\nS E C U R I T I E S & E X C H AN G E C O M M I S S I O N                 OCTOBER 31,\n2005\n\x0c                                                                                 PAGE 7\n\n\n\n                                     Investigative Program\nTwelve investigations were closed during the period. Six subjects were referred to the\nDepartment of Justice, which declined prosecution as to five subjects. The referral of one\nsubject to the Department of Justice is pending. Nine subjects were referred to the\nCommission. Four subjects resigned; one subject was counseled and divested stock causing\na conflict of interest. Four subjects referred to the Commission during this period are\nawaiting disposition. In addition, one subject referred during a prior period resigned, and\nanother agreed to retire. The most significant cases closed during the period are described\nbelow.\n\n\nCONFLICT OF INTEREST\nAn Office investigation found evidence that a staff member had participated personally and\nsubstantially in a particular matter in which the staff member had a financial interest, in\nviolation of the conflict of interest laws. The staff member had properly disclosed the\nfinancial interest on the required financial disclosure forms. The staff member was\ncounseled and divested the financial holdings that exceeded the statutory threshold. The\nDepartment of Justice declined prosecution.\n\n\nILLEGAL GRATUITIES AND ETHICS VIOLATIONS\nThe Office investigated allegations that two staff members had improper relationships with\ncontractors working on Commission projects and had received illegal gratuities from these\ncontractors.\nWe found evidence that one staff member frequently socialized with various contractor\npersonnel, and accepted meals and gifts from prohibited sources in violation of the ethics\nrules. There was also evidence that one contractor performed work in the staff member\xe2\x80\x99s\nformer residence, possibly for less than fair market value, and that the staff member had\ndiscussed a possible future business relationship with the contractor. The Department of\nJustice declined prosecution. The staff member resigned before administrative action was\ntaken.\nOur investigation also found evidence that the second staff member, a supervisor, had\npurchased a used vehicle from a contractor, possibly for less than fair market value. There\nwas also evidence that the supervisor had accepted meals from contractors in violation of\nthe ethics rules and failed to take corrective action concerning subordinates\xe2\x80\x99 violations of\nthe ethics rules, of which the supervisor was aware. The Department of Justice declined\nprosecution. The supervisor was reassigned to a non-sensitive, non-supervisory post. Final\nadministrative action is pending.\n\n\n\n\nS E C U R I T I E S & E X C H AN G E C O M M I S S I O N                 OCTOBER 31,\n2005\n\x0c                                                                                 PAGE 8\n\n\nINFORMATION TECHNOLOGY SECURITY IRREGULARITIES\nAn Office investigation developed evidence that a trusted employee had circumvented\nvarious information technology security controls, misused computer resources, and\nattempted to cover up some of those activities during an OIG audit. We also found evidence\nthat the staff member violated time and attendance requirements and made threatening\nstatements in e-mails. The Department of Justice declined prosecution, and the employee\nresigned after removal was proposed.\n\n\nPOST EMPLOYMENT VIOLATIONS\nAn investigation developed evidence that a former senior official violated the applicable\none-year ban on communications with the agency by discussing pending matters with staff\nmembers. We also found evidence that the former senior official\xe2\x80\x99s communications with the\nstaff violated the permanent ban on communications involving particular matters in which\nthe former employee had personally and substantially participated while employed at the\nagency. We referred the matter to the Civil Division of the Department of Justice and\nCommission management; action is pending.\nAnother Office investigation found evidence that a former staff member had disclosed non-\npublic Commission information to opposing counsel in a Commission case in violation of\nCommission and Bar rules. Information obtained after completion of the investigation\nrevealed additional similar violations of Commission and Bar rules. We referred the\nmatter, including the additional information, to Commission management. Administrative\naction against the former employee is pending.\n\n\nSOLICITATION AND ACCEPTANCE OF A GIFT\nAn investigation found evidence that a supervisor solicited and accepted from a subordinate\nfree admission passes that the subordinate obtained from a prohibited source. There was\nalso evidence that the supervisor had accepted other gifts from subordinates in violation of\nthe ethics rules. The supervisor resigned after demotion to a non-supervisory position was\nproposed.\n\n\nUNAUTHORIZED DISCLOSURE\nAn investigation found evidence that a staff member had disclosed non-public Commission\ninformation to persons outside the Commission without authorization on several occasions.\nWe also found evidence that the staff member had been less than candid when questioned\nby supervisors and failed to follow supervisory instructions. The Department of Justice\ndeclined prosecution, and the staff member resigned after removal was proposed.\n\n\n\n\nS E C U R I T I E S & E X C H AN G E C O M M I S S I O N                 OCTOBER 31,\n2005\n\x0c                                                                                  PAGE 9\n\n\n\n                                      Significant Problems\nNo new significant problems were identified during the period.\n\n\n\n           Significant Problems Identified Previously\n\nFINANCIAL MANAGEMENT SYSTEMS CONTROLS\nAn OIG contractor completed an audit of Commission financial management systems\ncontrols during a prior period (Audit No. 362). The audit found that Commission financial\nmanagement controls for fiscal year 2002 were effective in all material respects, based on\ncriteria established under the Federal Managers Financial Integrity Act, except for three\nmaterial weaknesses and one material non-conformance.\nThe exceptions concerned property accountability, accounting and control of disgorgements,\ninformation system and security program controls, and the Disgorgement and Penalties\nTracking System. We reported that, taken together, these financial management\nexceptions are a significant problem for the Commission. Management concurred with our\nrecommendations to strengthen these financial controls, and promptly began to take\nactions to correct the weaknesses.\nThe Government Accountability Office (GAO) performed the audit of the Commission\xe2\x80\x99s first\nfinancial statements (for fiscal year 2004). The audit found that the Commission made\nsignificant progress during the year in building a financial reporting structure for\npreparing financial statements for audit. GAO also found that the SEC property account\nbalance was below the threshold for materiality; as a consequence we are removing\nproperty accountability as an element of this significant problem. However, GAO identified\nmaterial internal control weaknesses in the areas of preparing financial statements and\nrelated disclosures, recording and reporting disgorgements and penalties, and information\nsecurity, which will be the basis for this significant problem in the future.\nManagement is continuing its actions to address the weaknesses identified by GAO and our\noffice. GAO will review these actions in connection with its audit of the Commission\xe2\x80\x99s fiscal\nyear 2005 financial statements, currently under way.\n\n\nINFORMATION TECHNOLOGY MANAGEMENT\nSince 1996, we have reported information technology management (formerly described as\ninformation resources management) as a significant problem based on weaknesses\nidentified by audits, investigations, and management studies. Significant information\ntechnology (IT) weaknesses of continuing concern include IT capital investment decision-\nmaking; information systems security; administration of IT contracts; IT project\n\n\nS E C U R I T I E S & E X C H AN G E C O M M I S S I O N                  OCTOBER 31,\n2005\n\x0c                                                                                PAGE 10\n\n\nmanagement; enterprise architecture (EA) management; and management of software\nlicenses.\nDuring this reporting period, the Office of Information Technology (OIT) took numerous\nsteps to improve IT management. OIT indicated that these steps included:\n    \xe2\x80\xa2    Capital Investment Decision-Making: implementing an enterprise-wide IT\n         investment portfolio process, which resulted in the Commission\xe2\x80\x99s designated\n         decision authorities reviewing and approving 90 percent of the Commission\xe2\x80\x99s\n         Development, Modernization, and Enhancement budget; and providing Capital\n         Planning and Investment Control (CPIC) decision authorities monthly IT portfolio\n         status reports to facilitate the monitoring and timely management of investment\n         schedules and cost slippages.\n    \xe2\x80\xa2    Information Systems Security: certifying and accrediting over half of the\n         Commission\xe2\x80\x99s major systems (12 out of 20); completing and testing contingency\n         plans for several major applications; initiating a Privacy Impact Assessment\n         program; making improvements to the process for tracking and reporting Plans of\n         Action & Milestones (POA&Ms) to OMB; tracking information security costs through\n         the CPIC process; relocating the backup data center outside Washington, DC; and\n         establishing a project plan to implement Homeland Security Directive 12, which will\n         integrate physical and IT access controls with federal requirements and best\n         practices.\n    \xe2\x80\xa2    Administration of IT Contracts and Project Management: achieving Federal\n         Level 2 IT project manager certification for 90 percent of the Project Management\n         Office\xe2\x80\x99s (PMO) project managers; establishing a project baseline change\n         management process that requires decision authority review and approval prior to\n         changing a project\xe2\x80\x99s cost and schedule; and initiating a project close-out process\n         which provides the Commission\xe2\x80\x99s decision authorities documented results and\n         lessons learned for each IT project.\n    \xe2\x80\xa2    Enterprise Architecture: completing and releasing an EA Communication Plan;\n         continuing validation of the Business Reference Model with Commission business\n         units; completing development of prescribed EA frameworks; starting the\n         development of a high-level Data Reference Model, Service Reference Model, and\n         Technical Reference Model; and improving the Commission\xe2\x80\x99s Change Management\n         Process.\n    \xe2\x80\xa2    Software Licensing: consolidating software license management into the Asset\n         Management Branch, which serves as the central manager for all enterprise license\n         acquisition and renewal actions; actively monitoring software use on all SEC\n         workstations through the use of Microsoft SMS 2003 and the application\xe2\x80\x99s inventory\n         module; using BigFix to review software operating on all SEC workstations; and\n         establishing an official inventory list of applications authorized and supported on\n         the SEC\xe2\x80\x99s network.\n\nDuring this period, we evaluated the Commission\xe2\x80\x99s information security program (required\nby the Federal Information Security Management Act). See the Audit Program section\nabove.\n\n\nS E C U R I T I E S & E X C H AN G E C O M M I S S I O N                 OCTOBER 31,\n2005\n\x0c                                                                                 PAGE 11\n\n\nAlthough OIT continues to take action to address and correct many of the longstanding IT\nweaknesses that we have reported, we still consider IT management to be a significant\nproblem. We intend to continue our oversight of the Commission\xe2\x80\x99s progress in correcting the\nmany longstanding weaknesses in its IT business processes and management controls.\n\n\n\n                                    Access to Information\nThe Office of Inspector General has received access to all information required to carry out\nits activities. No reports to the Chairman, concerning refusal of such information, were\nmade during the period.\n\n\n\n                                               Other Matters\n\nAUDIT OF COMMISSION FINANCIAL STATEMENTS\nUnder the Accountability of Tax Dollars Act, the Commission is now required to prepare\naudited financial statements.\nThe U.S. General Accounting Office is currently completing the financial statement audit of\nthe Commission for fiscal year 2005, and is expected to perform the audit for fiscal year\n2006. Our Office is evaluating whether it will be required to conduct this audit in fiscal\nyear 2007 and subsequent years.\n\n\nEXTERNAL COORDINATION\nThe Office actively participates in the activities of the Executive Council on Integrity and\nEfficiency (ECIE). The Inspector General attends ECIE meetings and is an active member\nof its Financial Regulatory Institutions Committee. He also serves as a member of the\nIntegrity Committee (established by Executive Order No. 12993).\nThe Deputy Inspector General is an active member of the Federal Audit Executive Council\n(FAEC). The FAEC considers audit issues relevant to the Inspector General community.\nThe Counsel to the Inspector General is an active member of the PCIE Council of Counsels.\nThe Council considers legal issues relevant to the Inspector General community.\n\n\n\n\nS E C U R I T I E S & E X C H AN G E C O M M I S S I O N                  OCTOBER 31,\n2005\n\x0c                                                                                 PAGE 12\n\n\n\n\n                                       Questioned Costs\n\n                                                                        DOLLAR VALUE\n                                                                       (IN THOUSANDS)\n\n\n                                                                    UNSUPPORTED     QUESTIONED\n                                                           NUMBER      COSTS          COSTS\nA          For which no management decision\n           has been made by the\n           commencement of the reporting                     0           0                 0\n           period\n\nB          Which were issued during the\n           reporting period\n                                                             0           0                 0\n\n           Subtotals (A+B)                                   0           0                 0\n\nC          For which a management decision                   0           0                 0\n           was made during the reporting\n           period\n\n    (i)    Dollar value of disallowed costs                  0           0                 0\n\n    (ii)   Dollar value of costs not                         0          0                  0\n           disallowed\n\nD          For which no management                           0          0                  0\n           decision has been made by the end\n           of the period\n\n           Reports for which no management                   0          0                  0\n           decision was made within six\n           months of issuance\n\n\n\n\nS E C U R I T I E S & E X C H AN G E C O M M I S S I O N                    OCTOBER 31,\n2005\n\x0c                                                                               PAGE 13\n\n\n\n\n                 Recommendations That Funds Be Put To\n                           Better Use\n                                                                     DOLLAR VALUE\n                                                           NUMBER   (IN THOUSANDS)\nA               For which no management decision\n                has been made by the commencement\n                                                             1            132\n                of the reporting period\nB               Which were issued during the\n                reporting period\n                                                              0            0\n\n\n                Subtotals (A+B)                               1           132\nC               For which a management decision              1            132\n                was made during the period\n      (i)       Dollar value of recommendations that         0             0\n                were agreed to by management\n            -   Based on proposed management                 0             0\n                action\n            -   Based on proposed legislative action         0             0\n      (ii)      Dollar value of recommendations that         1            132\n                were not agreed to by management\nD               For which no management decision\n                has been made by the end of the\n                                                             0             0\n                reporting period\n                Reports for which no management\n                decision was made within six months\n                                                             0             0\n                of issuance\n\n\n\n\nS E C U R I T I E S & E X C H AN G E C O M M I S S I O N               OCTOBER 31,\n2005\n\x0c                                                                              PAGE 14\n\n\n\n\n           Reports with No Management Decisions\nA management decision has been made on our recommendation that $132,000 be put to\nbetter use (Audit No. 376, Telephone Card Program, summarized in a previous semi-annual\nreport). In that audit, we had recommended that apparently erroneous charges totaling\n$132,000 for regional telephone service be recovered from the General Services\nAdministration (GSA), and future billings from GSA be reviewed for accuracy. In its\nresponse to our prior Semi-Annual Report, management indicated that the charges from\nGSA were proper, and that no refund was due the Commission.\n\n\n\n                     Revised Management Decisions\nNo management decisions were revised during the period.\n\n\n\n           Agreement with Significant Management\n                         Decisions\nThe Office of Inspector General agrees with all significant management decisions regarding\naudit recommendations.\n\n\n\n\nS E C U R I T I E S & E X C H AN G E C O M M I S S I O N               OCTOBER 31,\n2005\n\x0c                      MANAGEMENT RESPONSE OF\n               THE SECURITIES AND EXCHANGE COMMISSION\n    ACCOMPANYING THE SEMIANNUAL REPORT OF THE INSPECTOR GENERAL\n         FOR THE PERIOD APRIL 1, 2005 THROUGH SEPTEMBER 30, 2005\n\n\nIntroduction\n\nThe Semiannual Report of the Inspector General (IG) of the Securities and Exchange\nCommission (SEC) was submitted to the Chairman on October 31, 2005 as required by the\nInspector General Act of 1978, as amended. The report has been reviewed by a member of the\nExecutive Staff, Executive Director, General Counsel, and Director of the Division of\nEnforcement. The Management Response is based on their views and consultation with the\nChairman.\n\nThe Management Response is divided into four sections to reflect the specific requirements\nlisted in Section 5(b) of the Inspector General Act of 1978, as amended.\n\n                                        Section I\n                   Comments Keyed to Significant Sections of the IG Report\n\nA. Audit Program\n\n     During the reporting period, the IG issued seven audit reports, one audit memoranda, two\n     investigative memoranda and one special project report. Management generally concurred\n     with the findings and recommendations in the IG\xe2\x80\x99s reports.\n\n     In addition to audits performed by the agency\xe2\x80\x99s IG, the Government Accountability Office\n     (GAO) actively reviewed program and administrative functions of the SEC. A complete\n     listing of all GAO audit activity involving the SEC is attached as Appendix A.\n\nB.    Response to Significant Problems\n\n      No new significant problems were identified by the IG during this reporting period.\n\nC. Response to Significant Problems Previously Identified\n\n     Financial Management System Controls\n\n     The Inspector General continues to report financial management system controls as a\n     significant problem. As noted in the IG\xe2\x80\x99s Semiannual Report, a 2002 audit of the\n     Commission\xe2\x80\x99s financial management system controls found weaknesses related to property\n     accountability, accounting and control of disgorgements, and information system security\n     controls. Prior FMFIA reports and recent Government Accountability Office audits of the\n     SEC\xe2\x80\x99s financial statements also confirmed that controls in these areas need strengthening,\n     with the exception of property accountability.\n\n\xc2\xa0                                            \xc2\xa0                                              \xc2\xa0\xc2\xa0\n\x0cThe SEC has been working aggressively to strengthen controls as soon as possible. A\nsampling of the actions taken during fiscal 2005 follows.\n\n   \xe2\x80\xa2   Completed a review of disgorgement and penalty financial data.\n\n   \xe2\x80\xa2   Completed the requirements analysis for replacement of the financial system that\n       stores financial data related to disgorgements and penalties.\n\n   \xe2\x80\xa2   Expanded financial management staff.\n\n   \xe2\x80\xa2   Drafted, expanded or completed many accounting policies and procedures.\n\n   \xe2\x80\xa2   Reconciled some subsidiary records on a monthly basis.\n\n   \xe2\x80\xa2   Certified and accredited over half of the SEC\xe2\x80\x99s major systems.\n\n   \xe2\x80\xa2   Established a security policy framework and initiated the publication of over 25\n       security directives.\n\n   \xe2\x80\xa2   Provided security training to over 4,200 SEC employees and contractor staff.\n\nStrengthening financial management system controls is a major operational objective in\nfiscal 2006.\n\nInformation Resources Management\n\nThe SEC is working continually to strengthen its management of information technology, as\nreflected in the IG\xe2\x80\x99s Semiannual Report. A sampling of the actions taken during this\nreporting period follows.\n\n   \xe2\x80\xa2   Implemented an enterprise-wide IT investment portfolio process.\n\n   \xe2\x80\xa2   Established controls that provide capital planning and investment control decision-\n       making authorities key IT investment information necessary to make effective\n       funding decisions and to monitor and evaluate progress of approved IT investments.\n\n   \xe2\x80\xa2   Updated the enterprise architecture repository and modeling capabilities with the\n       procurement of industry standard repository and modeling tools.\n\n   \xe2\x80\xa2   Developed an enterprise architecture framework and reference models for aligning\n       with the Federal Enterprise Architecture and for developing, disseminating, and\n       using the enterprise architecture in the conception, approval, and management of IT\n       investments with the SEC.\n                                          2\n\x0c     These efforts will continue in fiscal 2006, as the SEC continues to mature its IT\n     management and governance processes and controls.\n\nD. IG Recommendations Concerning Use of Funds\n\n     None.\n\nE.   Reports with No Management Decisions\n\n     Management decisions have been made on all audits issued prior to the beginning of the\n     reporting period (April 1, 2005).\n\nF.   Revised Management Decisions\n\n     No management decisions were revised during the reporting period.\n\n\n\n\n                                                 3\n\x0cSEC Management Response to\nSemiannual IG Report\nApril 1, 2005 \xe2\x80\x93 September 30, 2005\n\n\n                                          SECTION II\n                                        Disallowed Costs\n                                    As of September 30, 2005\n\n\n                                                                   Dollar Value\n                                                          Number   (in thousands)\n\nA.     For which final action has\n       not been taken by the\n       commencement of the\n       reporting period                                        0          $0\n\nB.     On which management decisions\n       were made during the reporting\n       period                                                  0          $0\n\n       (Subtotal A+B)                                          0          $0\n\nC.     For which final action was\n       taken during the reporting\n       period                                                  0          $0\n\n       (i)    Recovered by management                          0          $0\n\n       (ii)   Disallowed by management                         0          $0\n\nD.     For which no final action has\n       been taken by the end of the\n       reporting period                                        0          $0\n\n\n\n\n                                               4\n\x0cSEC Management Response to\nSemiannual IG Report\nApril 1, 2005 \xe2\x80\x93 September 30, 2005\n\n\n                                           SECTION III\n                                      Funds Put to Better Use\n                                     As of September 30, 2005\n\n\n                                                                  Dollar Value\n                                                         Number   (in thousands)\n\nA.     For which final action has\n       not been taken by the\n       commencement of the\n       reporting period                                    0             $0\n\nB.     On which management decisions\n       were made during the reporting\n       period                                              0             $0\n\nC.     For which final action was\n       taken during the reporting\n       period:\n\n       (i)    Dollar value of recom-\n              mendations that were\n              agreed to by management                      0             $0\n\n       (ii)   Dollar value of recom-\n              mendations that management\n              has subsequently concluded\n              should/could not be\n              implemented or completed                     0             $0\n\nD.     For which no final action has been\n       taken by the end of the reporting period            0             $0\n\n\n\n\n                                                  5\n\x0c                                                                                   SEC Management Response to\n                                                                                   Semiannual IG Report\n                                                                                   April 1, 2005 \xe2\x80\x93 September 30, 2005\n\n                                                    SECTION IV\n                                        Open Audit Reports Over One Year Old\n                                              As of September 30, 2005\n\n\n                                          Funds Put to\n                                            Better Use          Questioned Costs\nAudit #   Audit Title        Issued       (in thousands)         (in thousands)    Reason Final Action Not Taken\n\n220       IRM Planning and\n          Execution          3/26/1996        $0                      $0           An overarching policy framework\n                                                                                   was implemented in fiscal 2005, which\n                                                                                   addresses all aspects of IT management.\n                                                                                   Individual policies and procedures are\n                                                                                   being prepared as resources and priorities\n                                                                                   permit.\n\n243       SECOA Local Area\n          Network            3/21/1997        $0                      $0           A major effort is underway to certify and\n                                                                                   accredit existing major applications and\n                                                                                   general support systems. This effort is\n                                                                                   expected to be completed in 2006.\n\n257       Client Server      9/9/1997         $0                      $0           See explanation for audit #220 above.\n\n\n\n                                                            6\n\x0c                                                                                         SEC Management Response to\n                                                                                         Semiannual IG Report\n                                                                                         April 1, 2005 \xe2\x80\x93 September 30, 2005\n\n                                                         SECTION IV\n                                             Open Audit Reports Over One Year Old\n                                                   As of September 30, 2005\n\n\n                                                 Funds Put to\n                                                   Better Use         Questioned Costs\nAudit #   Audit Title               Issued       (in thousands)        (in thousands)     Reason Final Action Not Taken\n\n309       Telecommunications\n          Vulnerabilities           3/31/2000        $0                     $0            Extensive revision is underway to all IT\n                                                                                          policies.\n\n320       General Computer Controls 12/26/2000         $0                   $0            The recommendations are being addressed\n                                                                                          as part of the remediation efforts underway\n                                                                                          as a result of the audits of SEC\xe2\x80\x99s financial\n                                                                                          statements.\n\n327       General Computer\n          Controls\xe2\x80\x94Regions          2/28/2001        $0                     $0            See explanation for audit #220.\n\n\n\n\n                                                                  7\n\x0c                                                                                             SEC Management Response to\n                                                                                             Semiannual IG Report\n                                                                                             April 1, 2005 \xe2\x80\x93 September 30, 2005\n\n                                                           SECTION IV\n                                               Open Audit Reports Over One Year Old\n                                                     As of September 30, 2005\n\n\n                                                 Funds Put to\n                                                  Better Use              Questioned Costs\nAudit #   Audit Title               Issued           (in thousands)       (in thousands)      Reason Final Action Not Taken\n\n337       IT Project Management     1/24/2002        $0                        $0             See explanation for audit #220.\n\n346       Commission Oversight of\n            NAFI                    3/7/2002           $0                      $0             Given changing circumstances since the\n                                                                                              issuance of the audit report, including the\n                                                                                              nature of the Recreation and Welfare\n                                                                                              Association\xe2\x80\x99s funding sources, management\n                                                                                              is determining the efficacy of maintaining\n                                                                                              the Association.\n350       Administration of IT\n          Contracts                 8/28/2002          $0                       $0            Formal policies and procedures regarding\n                                                                                              training and experience requirements for\n                                                                                              delegated procurement authority will be\n                                                                                              issued after OMB issues training standards.\n\n\n\n\n                                                                      8\n\x0c                                                                                          SEC Management Response to\n                                                                                          Semiannual IG Report\n                                                                                          April 1, 2005 \xe2\x80\x93 September 30, 2005\n\n\n                                                            SECTION IV\n                                                Open Audit Reports Over One Year Old\n                                                      As of September 30, 2005\n\n                                                Funds Put to\n                                                  Better Use         Questioned Costs\nAudit #   Audit Title               Issued      (in thousands)        (in thousands)    Reason Final Action Not Taken\n\n351       EDGAR Utility to\n          Commission Staff          1/15/2003         $0                   $0           Post-acceptance corrections are being\n                                                                                        addressed. The outcome will\n                                                                                        become part of the requirements for a\n                                                                                        follow-on contract, which should be signed\n                                                                                        in 2006.\n\n353       Regional Telecommuni-\n          cations Security          8/20/2002       $0                     $0           See explanation for audit #309.\n\n361       Commission Web Security   9/30/2002         $0                   $0           See explanation for audit #320.\n\n362       Financial Management\n          System Controls           3/27/2003         $0                   $0           See explanation for #320.\n\n\n\n                                                                 9\n\x0c                                                                                          SEC Management Response to\n                                                                                          Semiannual IG Report\n                                                                                          April 1, 2005 \xe2\x80\x93 September 30, 2005\n\n                                                          SECTION IV\n                                              Open Audit Reports Over One Year Old\n                                                    As of September 30, 2005\n\n\n                                                 Funds Put to\n                                                   Better Use          Questioned Costs\nAudit #   Audit Title                Issued      (in thousands)         (in thousands)    Reason Final Action Not Taken\n\n365       IT Capital Investment\n          Decision-making Followup   3/29/2004         $0                    $0           A charter for the SEC\xe2\x80\x99s Capital Planning\n                                                                                          Committee and several policy documents\n                                                                                          are being reviewed by the Office of\n                                                                                          General Counsel.\n\n368       SEC Recreation and\n          Welfare Asso. Financial\n          Management                 7/31/2003         $0                    $0           See explanation for audit #346.\n\n371       Small Business Reg D\n          Exemption Process          3/31/2004         $0                    $0           The two remaining recommendations\n                                                                                          are being addressed as part of a rule-\n                                                                                          making initiative. A process has been\n                                                                                          worked out to coordinate development\n                                                                                          of the rule proposals with state securities\n                                                                                          regulators.\n\n                                                                  10\n\x0c                                                                                          SEC Management Response to\n                                                                                          Semiannual IG Report\n                                                                                          April 1, 2005 \xe2\x80\x93 September 30, 2005\n\n                                                         SECTION IV\n                                             Open Audit Reports Over One Year Old\n                                                   As of September 30, 2005\n\n\n                                                 Funds Put to\n                                                   Better Use          Questioned Costs\nAudit #   Audit Title               Issued       (in thousands)         (in thousands)       Reason Final Action Not Taken\n\n376       Telephone Card Program    11/17/2003         $0                    $0              A formal policy document is expected\n                                                                                             to be completed by calendar year-end.\n\n377       Lost and Stolen\n          Securities Program        3/31/2004          $0                    $0              Certain issues related to the program are\n                                                                                             under review by the Lost and Stolen\n                                                                                             Securities Program Advisory\n                                                                                             Board. Those issues are expected to\n                                                                                             be resolved by calendar year-end.\n\n383       Targeting IA/IC Compliance 9/29/2004         $0                    $0\n          Examinations                                                                       A task force is studying how to enhance\n                                                                                             the Commission\xe2\x80\x99s surveillance of\n                                                                                             investment advisers.\n\n\n\n\n                                                                  11\n\x0c                                                                                       SEC Management Response to\n                                                                                       Semiannual IG Report\n                                                                                       April 1, 2005 \xe2\x80\x93 September 30, 2005\n\n                                                        SECTION IV\n                                            Open Audit Reports Over One Year Old\n                                                  As of September 30, 2005\n\n\n                                              Funds Put to\n                                                Better Use          Questioned Costs\nAudit #   Audit Title            Issued       (in thousands)         (in thousands)       Reason Final Action Not Taken\n\n385       Office of Economic\n          Analysis               6/29/2004          $0                    $0              Efforts are underway to define a\n                                                                                          form of publication that is viewed as\n                                                                                          the work of staff and to implement a\n                                                                                          working paper series.\n\nM33       Unclaimed Commission\n          Property               11/12/2003         $0                    $0              The staff is determining the appropriate\n                                                                                          state authorities to contact and whether\n                                                                                          there are any restrictions in implementing\n                                                                                          the open audit recommendation.\n\nG-404     Legal Review of\n          Procurement Actions    9/3/2004           $0                    $0              A policy document is being drafted to\n                                                                                          satisfy the one remaining open\n                                                                                          recommendation.\n\n\n                                                               12\n\x0c                                                                    APPENDIX A\n\n\n                GOVERNMENT ACCOUNTABILITY OFFICE AUDIT ACTIVITY\n               INVOLVING THE SECURITIES AND EXCHANGE COMMISSION\n\n\nReports Completed During the Reporting Period\n\n    1.    Mutual Fund Trading Abuses: Lessons Can Be Learned from SEC Not Having Detected\n          Violations at an Earlier Stage (GAO-05-313, April 2005)\n\n    2.    Financial Audit: Securities and Exchange Commission\xe2\x80\x99s Financial Statements for Fiscal\n          Year 2004 (GAO-05-244, May 2005)\n\n    3.    Mutual Fund Trading Abuses: SEC Consistently Applied Procedures in Setting Penalties,\n          but Could Strengthen Certain Internal Controls (GAO-05-385, May 2005)\n\n    4.    USA Patriot Act: Additional Guidance Could Improve Implementation of Regulations\n          Related to Customer Identification and Information Sharing Procedures (GAO-05-412,\n          May 2005)\n\n    5.    Securities Markets: Decimal Pricing has Contributed to Lower Trading Costs and a More\n          Challenging Trading Environment (GAO-05-535, May 2005)\n\n    6.    Conversions of Selected Employees from Noncareer to Career Positions at Departments\n          and Certain Agencies (GAO-05-584R, June 9, 2005)\n\n    7.    Information Security Practices: Financial Market Organizations Have Taken Steps to\n          Protect Against Electronic Attacks, but Could Take Additional Actions (GAO-05-679R,\n          June 29, 2005)\n\n    8.    Federal Student Loan Repayment Program: OPM Could Build on Its Efforts to Help\n          Agencies Administer the Program and Measure Results (GAO-05-762, July 2005)\n\n    9.    Public Utility Holding Company Act: Opportunities Exist to Strengthen SEC\xe2\x80\x99s\n          Administration of the Act (July 2005)\n\n    10.   Material Internal Control Issues Reported in SEC\xe2\x80\x99s Fiscal Year 2004 Financial Statement\n          Audit Report (GAO-05-691R, July 27, 2005)\n\n    11.   Management Report: Opportunities for Improvements in SEC\xe2\x80\x99s Internal Controls and\n          Accounting Procedures (GAO-05-693R, August 12, 2005)\n\n    12.   Mutual Fund Industry: SEC\xe2\x80\x99s Revised Examination Approach Offers Potential Benefits,\n          but Significant Oversight Challenges Remain (GAO-05-415, August 2005)\n\n\xc2\xa0                                             \xc2\xa0                                           \xc2\xa0\xc2\xa0\n\x0c 13.     Globalization: Numerous Federal Activities Complement U.S. Business\xe2\x80\x99s Global\n         Corporate Social Responsibility Efforts (GAO-05-744, August 2005)\n\n 14.     SEC and CFTC Penalties: Continued Progress Made in Collection Efforts, but Greater\n         SEC Management Attention is Needed (GAO-05-670, August 2005)\n\n 15.     Agency Telework Methodologies (GAO-05-1055R, September 27, 2005)\n\n 16.     Industrial Loan Corporations: Recent Asset Growth and Commercial Interest Highlight\n         Differences in Regulatory Approach (GAO-05-621, September 2005)\n\n 17.     Tax Administration: Systematic Information Sharing Would Help IRS Determine the\n         Deductibility of Civil Settlement Payments (GAO-05-747, September 2005)\n\n\nProjects Active as of September 30, 2005\n\n1.     Workforce Planning (250234). A review of the SEC\xe2\x80\x99s strategic workforce planning efforts,\n       including the extent to which SEC has (1) established a workforce planning process that is\n       aligned with its mission and programmatic goals and (2) developed and implemented long-\n       term strategies for acquiring, developing, and retaining staff necessary to achieve these\n       goals.\n\n2.     Social Security Numbers and Third Party Contracting (130395). A review of the uses and\n       protections of social security numbers.\n\n3.     Whois Database (310724). A study to (1) determine the prevalence of patently false\n       contact data in the Whois database for \xe2\x80\x9clegacy\xe2\x80\x9d generic top-level domains, (2) report the\n       steps the Commerce Department and the Internet Corporation for Assigned Names and\n       Numbers have taken to ensure the accuracy of contact data in the database, and (3)\n       determine whether tools and technologies are available to help reduce the amount of false\n       information that is entered into the database.\n\n4.     Military Insurance Sales (250166). A review of the financial products that are commonly\n       marketed to military service members, the regulatory oversight associated with marketing\n       and sale of these products on military installations, the regulatory oversight and consumer\n       protections afforded military personnel compared to those afforded the general public, and\n       how regulators assess the suitability of such products.\n\n5.     Pay Systems (842157). A review of public and private sector organizations\xe2\x80\x99 experiences in\n       designing and implementing pay systems that are intended to be performance-based and\n       market sensitive. Through meetings with SEC, GAO plans to determine if SEC\xe2\x80\x99s pay\n       system could be used as a possible example to illustrate how a specific design or\n       implementation issue is being addressed.\n\n\n                                                 2\n\x0c6.    EEO Leadership Survey (450307). A government-wide survey of (1) how agencies are\n      structured to meet EEO, affirmative employment and workforce diversity requirements, (2)\n      the extent to which human capital and EEO managers perceive that these requirements\n      contribute to EEO, affirmative employment, and workforce diversity objectives, and (3)\n      how human capital and EEO managers view the guidance and feedback central leadership\n      agencies provide.\n\n7.    Federal Energy Programs (360415). A review of how the Federal Government is working\n      to meet the nation\xe2\x80\x99s energy needs. GAO\xe2\x80\x99s contact with SEC will focus on issues relating to\n      oversight of the Public Utility Holding Company Act and any involvement SEC has had\n      with the National Energy Policy.\n\n8.    Effects of Sarbanes-Oxley on Small Business (250224). A review of (1) the effects of the\n      Act on small companies, (2) the extent to which financial institutions and states are\n      requiring small privately-held companies to comply with provisions of the Act and the\n      corresponding impacts, and (3) the impact, if any, the Act has had on small accounting and\n      auditing firms.\n\n9.    Decimalization (250195). A review of the impact decimalization has had on the securities\n      markets, securities market participants, and institutional and retail investors.\n\n10.   FY 2005 Financial Statement Audit. An audit of the SEC\xe2\x80\x99s fiscal year 2005 financial\n      statements.\n\n\n\n\n                                               3\n\x0c"